From 26ec47901c6754b9bf5bc0b922456ae494e6bd34 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Wed, 14 Oct 2020 21:45:44 -0700
Subject: [PATCH] Enable LDAP
---
 CloudronManifest.json | 4 ++-
 start.sh | 19 +++++++++--
 test/test.js | 79 +++++++++++++++++++++++++++++++++++++------
 3 files changed, 89 insertions(+), 13 deletions(-)
diff --git a/CloudronManifest.json b/CloudronManifest.json
index d5e4236..61b62b0 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -14,8 +14,10 @@
 "localstorage": {},
 "postgresql": {},
 "redis": {},
- "sendmail": {}
+ "sendmail": {},
+ "ldap": {}
 },
+ "optionalSso": true,
 "tags": [ "video", "youtube", "vimeo", "blog", "instagram" ],
 "mediaLinks": [
 "https://screenshots.cloudron.io/org.joinpeertube.cloudronapp/peertube-screenshot.jpg",
diff --git a/start.sh b/start.sh
index c1fd985..109b7f9 100755
--- a/start.sh
+++ b/start.sh
@@ -4,7 +4,7 @@ set -eu
 mkdir -p /app/data/storage
-reset_root_password() {
+first_time_setup() {
 sleep 10
 while ! curl --fail http://localhost:9000/; do
@@ -12,7 +12,20 @@ reset_root_password() {
 sleep 5
 done
+ echo "==> Reset root password"
 echo "changeme" | npm run reset-password -- -u root
+
+ if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
+ echo "==> Installing LDAP plugin"
+ cd /app/code/cli && node dist/server/tools/peertube.js plugins install -n peertube-plugin-auth-ldap --url "${CLOUDRON_APP_ORIGIN}" --username root --password changeme
+ fi
+}
+
+update_ldap() {
+ echo "==> Updating Ldap credentials"
+
+ PGPASSWORD=${CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${CLOUDRON_POSTGRESQL_HOST} -p ${CLOUDRON_POSTGRESQL_PORT} -U ${CLOUDRON_POSTGRESQL_USERNAME} -d ${CLOUDRON_POSTGRESQL_DATABASE} \
+ -c "UPDATE plugin SET settings='{\"url\": \"${CLOUDRON_LDAP_URL}\", \"weight\": 100, \"insecure-tls\": false, \"bind-dn\": \"${CLOUDRON_LDAP_BIND_DN}\", \"bind-credentials\": \"${CLOUDRON_LDAP_BIND_PASSWORD}\", \"search-base\": \"${CLOUDRON_LDAP_USERS_BASE_DN}\", \"mail-property\": \"mail\", \"search-filter\": \"(|(mail={{username}})(username={{username}}))\", \"username-property\": \"username\"}' WHERE name='auth-ldap'"
 }
 # cd /var/www/peertube/peertube-latest/scripts && sudo -H -u peertube ./upgrade.sh
@@ -23,7 +36,9 @@ if [[ ! -f "/app/data/production.yaml" ]]; then
 # this is sed because there are too many paths
 sed -e 's,/var/www/peertube/storage,/app/data/storage,g' -i /app/data/production.yaml
- reset_root_password &
+ (first_time_setup && update_ldap) &
+else
+ [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]] && update_ldap
 fi
 echo "==> Updating configs"
diff --git a/test/test.js b/test/test.js
index e2df120..b3b5501 100644
--- a/test/test.js
+++ b/test/test.js
@@ -34,8 +34,8 @@ describe('Application life cycle test', function () {
 this.timeout(0);
 var server, browser = new Builder().forBrowser('chrome').build();
- var username = 'root';
- var password = 'changeme';
+ var username = process.env.USERNAME;
+ var password = process.env.PASSWORD;
 var email = process.env.EMAIL;
 before(function (done) {
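Review bot: In start.sh, `update_ldap` splices `${CLOUDRON_LDAP_BIND_PASSWORD}` and the other LDAP values directly into a JSON document inside a single-quoted SQL literal, so a value containing `'`, `"` or `\` either breaks the UPDATE or changes what it writes. Building the JSON with a serializer and passing it to psql as a variable (`:'settings'`, which psql quotes itself) removes that; psql does not expand variables in `-c`, so the statement has to arrive on stdin. The connection arguments are also unquoted and would word-split on unusual values. Separately, the plugin install passes `--password changeme` on the command line, where it is visible in the process list while the CLI runs.

```shell
update_ldap() {
    echo "==> Updating Ldap credentials"

    # JSON.stringify escapes quotes and backslashes in the values.
    # Assumes the CLOUDRON_* variables are exported to child processes - confirm.
    local settings
    settings=$(node -e 'const e = process.env; console.log(JSON.stringify({ "url": e.CLOUDRON_LDAP_URL, "weight": 100, "insecure-tls": false, "bind-dn": e.CLOUDRON_LDAP_BIND_DN, "bind-credentials": e.CLOUDRON_LDAP_BIND_PASSWORD, "search-base": e.CLOUDRON_LDAP_USERS_BASE_DN, "mail-property": "mail", "search-filter": "(|(mail={{username}})(username={{username}}))", "username-property": "username" }))')

    # :'settings' is substituted as a quoted SQL literal; variables are not expanded in -c, hence stdin.
    PGPASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}" psql -v ON_ERROR_STOP=1 -v settings="${settings}" \
        -h "${CLOUDRON_POSTGRESQL_HOST}" -p "${CLOUDRON_POSTGRESQL_PORT}" -U "${CLOUDRON_POSTGRESQL_USERNAME}" -d "${CLOUDRON_POSTGRESQL_DATABASE}" \
        <<< "UPDATE plugin SET settings=:'settings' WHERE name='auth-ldap'"
}
```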
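Review bot: In the last start.sh hunk, the first-run path `(first_time_setup && update_ldap) &` calls `update_ldap` even when `CLOUDRON_LDAP_SERVER` is unset, unlike the `else` branch, which guards it. The manifest now sets `optionalSso`, so an install without LDAP looks possible, and under `set -eu` the unset `${CLOUDRON_LDAP_URL}` would then abort the background subshell with an unbound-variable error. Applying the same guard keeps the two paths consistent: `(first_time_setup && { [[ -z "${CLOUDRON_LDAP_SERVER:-}" ]] || update_ldap; }) &`. The enclosing `if` starts above the hunk.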
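Review bot: In test/test.js, `username` and `password` now come from `process.env.USERNAME` and `process.env.PASSWORD` with no check that either is set, so a missing variable only surfaces later as a failed or stalled login step. `USERNAME` is also a name that some shells and operating systems set on their own, which could silently supply the wrong account. A guard next to the declarations would fail fast, e.g. `if (!process.env.USERNAME || !process.env.PASSWORD) throw new Error('USERNAME and PASSWORD env vars need to be set');`. The `before` hook that follows is cut off by the hunk, so it may already check this.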
@@ -63,7 +63,7 @@ describe('Application life cycle test', function () {
 expect(app).to.be.an('object');
 }
- function login(done) {
+ function login(username, password, done) {
 browser.get('https://' + app.fqdn + '/login').then(function () {
 return browser.wait(until.elementLocated(by.id('username')), TEST_TIMEOUT);
 }).then(function () {
@@ -79,6 +79,22 @@ describe('Application life cycle test', function () {
 });
 }
+ function logout(done) {
+ browser.get('https://' + app.fqdn + '/my-account/videos').then(function () {
+ return browser.wait(until.elementLocated(by.xpath('//a[contains(text(), "My settings")]')), TEST_TIMEOUT);
+ }).then(function () {
+ return browser.findElement(by.xpath('//my-global-icon[@class="dropdown-toggle"]')).click();
+ }).then(function () {
+ return browser.sleep(4000);
+ }).then(function () {
+ return browser.findElement(by.xpath('//a[contains(text(), "Log out")]')).click();
+ }).then(function () {
+ return browser.sleep(4000);
+ }).then(function () {
+ done();
+ });
+ }
+
 function completeSetup(done) {
 var button;
@@ -141,10 +157,14 @@ describe('Application life cycle test', function () {
 });
 it('can get app information', getAppInfo);
- it('can login', login);
+ it('can root login', login.bind(null, 'root', 'changeme'));
 it('can complete setup', completeSetup);
 it('can upload video', uploadVideo);
 it('video exists', videoExists);
+ it('logout', logout);
+
+ it('can login', login.bind(null, username, password));
+ it('logout', logout);
 it('backup app', function () {
 execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
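Review bot: The new `logout` helper ends its promise chain with `.then(function () { done(); })` and has no rejection handler, so if a locator such as `//a[contains(text(), "Log out")]` is not found, `done` is never called. With `this.timeout(0)` set on the suite (visible in the first test.js hunk), the step would then stall or die on an unhandled rejection instead of failing cleanly. Ending the chain with `}).then(function () { done(); }, done);` reports the error to mocha. The two `browser.sleep(4000)` calls could be `browser.wait(until.elementLocated(...), TEST_TIMEOUT)` as on the first step, which depends less on timing. `login` ends outside its hunk and may need the same handler.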
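Review bot: The added cases only show that valid credentials are accepted (`login.bind(null, username, password)`); nothing checks that the LDAP path rejects a wrong password. A bind or `search-filter` misconfiguration that lets any password through would therefore still pass the suite. A negative case would cover it, for example `it('cannot login with wrong password', loginFails.bind(null, username, password + 'x'));`, where `loginFails` is a new helper that waits for the login error instead of the logged-in page. The same login/logout pairs are repeated in the hunks starting at old lines 158, 174 and 195, and the two identically titled `'logout'` cases per group make a failure report ambiguous.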
@@ -158,14 +178,22 @@ describe('Application life cycle test', function () {
 execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
 });
- it('can login', login);
+ it('can root login', login.bind(null, 'root', 'changeme'));
 it('video exists', videoExists);
+ it('logout', logout);
+
+ it('can login', login.bind(null, username, password));
+ it('logout', logout);
 it('can restart app', function () {
 execSync('cloudron restart --app ' + app.id);
 });
- it('can login', login);
+ it('can root login', login.bind(null, 'root', 'changeme'));
 it('video exists', videoExists);
+ it('logout', logout);
+
+ it('can login', login.bind(null, username, password));
+ it('logout', logout);
 // this is not supported for federation
 it('move to different location', function (done) {
@@ -174,20 +202,47 @@ describe('Application life cycle test', function () {
 });
 it('can get app information', getAppInfo);
- it('can login', login);
+ it('can root login', login.bind(null, 'root', 'changeme'));
 it('video exists', videoExists);
+ it('logout', logout);
+
+ it('can login', login.bind(null, username, password));
+ it('logout', logout);
 it('uninstall app', function () {
 execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
 });
+ // No SSO
+ it('install app (no sso)', function (done) {
+ execSync('cloudron install --no-sso --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+ setTimeout(done, 20000); // takes a bit to create root user in background
+ });
+
+ it('can get app information', function () {
+ var inspect = JSON.parse(execSync('cloudron inspect'));
+
+ app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+
+ expect(app).to.be.an('object');
+ });
+
+ it('can login (no sso)', login.bind(null, 'root', 'changeme'));
+ it('can complete setup', completeSetup);
+ it('can logout', logout);
+
+ it('uninstall app (no sso)', function () {
+ execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+ });
+
 // test update
- it('can install app', function () {
+ it('can install app', function (done) {
 execSync('cloudron install --appstore-id ' + app.manifest.id + ' --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+ setTimeout(done, 20000); // takes a bit to create root user in background
 });
 it('can get app information', getAppInfo);
- it('can login', login);
+ it('can root login', login.bind(null, 'root', 'changeme'));
 it('can complete setup', completeSetup);
 it('can upload video', uploadVideo);
 it('video exists', videoExists);
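Review bot: Both install steps in this hunk wait a fixed `setTimeout(done, 20000)` for the background root-password reset, but start.sh sleeps 10 s and then polls until the server answers before it resets the password. On a slow host the following `login.bind(null, 'root', 'changeme')` can therefore run before the password is in place. Polling for readiness instead of a fixed delay would remove the race; what can be polled depends on code outside this diff. The inline 'can get app information' callback in the no-SSO block also appears to repeat `getAppInfo`, whose final `expect(app).to.be.an('object');` is visible in an earlier hunk, so `it('can get app information', getAppInfo);` would likely do.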
@@ -195,8 +250,12 @@ describe('Application life cycle test', function () {
 it('can update', function () {
 execSync('cloudron update --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
 });
- it('can login', login);
+ it('can root login', login.bind(null, 'root', 'changeme'));
 it('video exists', videoExists);
+ it('logout', logout);
+
+ it('can login', login.bind(null, username, password));
+ it('logout', logout);
 it('uninstall app', function () {
 execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });